From d09cc1533e858290b3cfa3d4eb3906453e3b2fe9 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Tue, 16 Jan 2018 15:25:56 +0100 Subject: [baseconfig_partitions_cdn] implemented permission-system. you can only see site if you have atleast one permission. fixed the save-button (it's working now!). Didn't know what to do with this download-button. --- .../baseconfig_partitions_cdn/permissions/permissions.json | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 modules-available/baseconfig_partitions_cdn/permissions/permissions.json (limited to 'modules-available/baseconfig_partitions_cdn/permissions/permissions.json') diff --git a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json new file mode 100644 index 00000000..286a975b --- /dev/null +++ b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json @@ -0,0 +1,7 @@ +[ + "show", + "partitions.add", + "partitions.delete", + "partitions.edit", + "partitions.reset" +] \ No newline at end of file -- cgit v1.2.3-55-g7522 From a8b0095b335780ae0bb950bc44021215d43a6b2d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 12 Feb 2018 14:17:07 +0100 Subject: [permissionmanager] Introduce "location-aware" flag for permissions This flag tells wether the permission can be restricted to certain locations in a meaningful way. This flag has to be set in the permissions.json of the according module. For example, the permission to reboot the server cannot be limited to certain locations in a meaningful way, while the view of the client log can be filtered to only show log entries for clients in specific locations. --- .../backup/permissions/permissions.json | 12 +++-- .../permissions/permissions.json | 24 +++++++--- .../dozmod/permissions/permissions.json | 52 ++++++++++++++++------ .../eventlog/permissions/permissions.json | 8 ++-- .../exams/permissions/permissions.json | 13 +++--- .../internetaccess/permissions/permissions.json | 8 ++-- .../locations/permissions/permissions.json | 32 +++++++++---- .../minilinux/permissions/permissions.json | 12 +++-- .../news/permissions/permissions.json | 20 ++++++--- .../permissionmanager/inc/permissionutil.inc.php | 9 ++-- modules-available/permissionmanager/page.inc.php | 21 +++++---- modules-available/permissionmanager/style.css | 28 ++++++------ .../permissionmanager/templates/roleeditor.html | 42 +++++++---------- .../permissionmanager/templates/treenode.html | 23 +++++----- .../permissionmanager/templates/treepanel.html | 2 +- .../rebootcontrol/permissions/permissions.json | 16 ++++--- .../serversetup-bwlp/permissions/permissions.json | 16 ++++--- .../statistics/permissions/permissions.json | 16 ++++--- .../permissions/permissions.json | 36 ++++++++++----- .../syslog/permissions/permissions.json | 8 ++-- .../systemstatus/permissions/permissions.json | 48 ++++++++++++++------ .../vmstore/permissions/permissions.json | 16 ++++--- .../webinterface/permissions/permissions.json | 16 ++++--- 23 files changed, 309 insertions(+), 169 deletions(-) (limited to 'modules-available/baseconfig_partitions_cdn/permissions/permissions.json') diff --git a/modules-available/backup/permissions/permissions.json b/modules-available/backup/permissions/permissions.json index feeffe33..1f778ab6 100644 --- a/modules-available/backup/permissions/permissions.json +++ b/modules-available/backup/permissions/permissions.json @@ -1,4 +1,8 @@ -[ - "create", - "restore" -] \ No newline at end of file +{ + "create": { + "location-aware": false + }, + "restore": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json index 286a975b..3acd5230 100644 --- a/modules-available/baseconfig_partitions_cdn/permissions/permissions.json +++ b/modules-available/baseconfig_partitions_cdn/permissions/permissions.json @@ -1,7 +1,17 @@ -[ - "show", - "partitions.add", - "partitions.delete", - "partitions.edit", - "partitions.reset" -] \ No newline at end of file +{ + "partitions.add": { + "location-aware": false + }, + "partitions.delete": { + "location-aware": false + }, + "partitions.edit": { + "location-aware": false + }, + "partitions.reset": { + "location-aware": false + }, + "show": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json index e8dfb558..b4ff034b 100644 --- a/modules-available/dozmod/permissions/permissions.json +++ b/modules-available/dozmod/permissions/permissions.json @@ -1,14 +1,38 @@ -[ - "images.delete", - "mail.save", - "mail.testmail", - "runtimeconfig.save", - "templates.save", - "templates.reset", - "users.setmail", - "users.setlogin", - "users.setsu", - "users.orglogin", - "log.showuser", - "log.showtarget" -] \ No newline at end of file +{ + "images.delete": { + "location-aware": false + }, + "log.showtarget": { + "location-aware": false + }, + "log.showuser": { + "location-aware": false + }, + "mail.save": { + "location-aware": false + }, + "mail.testmail": { + "location-aware": false + }, + "runtimeconfig.save": { + "location-aware": false + }, + "templates.reset": { + "location-aware": false + }, + "templates.save": { + "location-aware": false + }, + "users.orglogin": { + "location-aware": false + }, + "users.setlogin": { + "location-aware": false + }, + "users.setmail": { + "location-aware": false + }, + "users.setsu": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/eventlog/permissions/permissions.json b/modules-available/eventlog/permissions/permissions.json index f04ea714..a1748957 100644 --- a/modules-available/eventlog/permissions/permissions.json +++ b/modules-available/eventlog/permissions/permissions.json @@ -1,3 +1,5 @@ -[ - "view" -] \ No newline at end of file +{ + "view": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/exams/permissions/permissions.json b/modules-available/exams/permissions/permissions.json index 215b3399..e44974b6 100644 --- a/modules-available/exams/permissions/permissions.json +++ b/modules-available/exams/permissions/permissions.json @@ -1,5 +1,8 @@ -[ - "exams.add", - "exams.delete", - "exams.edit" -] \ No newline at end of file +{ + "exams.edit": { + "location-aware": true + }, + "exams.view": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/internetaccess/permissions/permissions.json b/modules-available/internetaccess/permissions/permissions.json index 67998da7..09652e51 100644 --- a/modules-available/internetaccess/permissions/permissions.json +++ b/modules-available/internetaccess/permissions/permissions.json @@ -1,3 +1,5 @@ -[ - "configuration.safe" -] \ No newline at end of file +{ + "configuration.safe": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/locations/permissions/permissions.json b/modules-available/locations/permissions/permissions.json index 609a673a..06b01d2c 100644 --- a/modules-available/locations/permissions/permissions.json +++ b/modules-available/locations/permissions/permissions.json @@ -1,9 +1,23 @@ -[ - "location.view", - "location.edit", - "location.add", - "location.delete", - "subnet.edit", - "subnet.add", - "subnet.delete" -] \ No newline at end of file +{ + "location.add": { + "location-aware": false + }, + "location.delete": { + "location-aware": false + }, + "location.edit": { + "location-aware": false + }, + "location.view": { + "location-aware": false + }, + "subnet.add": { + "location-aware": false + }, + "subnet.delete": { + "location-aware": false + }, + "subnet.edit": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/minilinux/permissions/permissions.json b/modules-available/minilinux/permissions/permissions.json index 457d9810..650f7e71 100644 --- a/modules-available/minilinux/permissions/permissions.json +++ b/modules-available/minilinux/permissions/permissions.json @@ -1,4 +1,8 @@ -[ - "show", - "update" -] \ No newline at end of file +{ + "show": { + "location-aware": false + }, + "update": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/news/permissions/permissions.json b/modules-available/news/permissions/permissions.json index 321e73ea..0d9435d7 100644 --- a/modules-available/news/permissions/permissions.json +++ b/modules-available/news/permissions/permissions.json @@ -1,6 +1,14 @@ -[ - "news.save", - "news.delete", - "help.save", - "help.delete" -] \ No newline at end of file +{ + "help.delete": { + "location-aware": false + }, + "help.save": { + "location-aware": false + }, + "news.delete": { + "location-aware": false + }, + "news.save": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php index 5ff41046..3daf422e 100644 --- a/modules-available/permissionmanager/inc/permissionutil.inc.php +++ b/modules-available/permissionmanager/inc/permissionutil.inc.php @@ -100,9 +100,9 @@ class PermissionUtil if (!is_array($data)) continue; preg_match('#^modules/([^/]+)/#', $file, $out); - foreach( $data as $p ) { + foreach( $data as $p => $data) { $description = Dictionary::translateFileModule($out[1], "permissions", $p); - self::putInPermissionTree($out[1].".".$p, $description, $permissions); + self::putInPermissionTree($out[1].".".$p, $data['location-aware'], $description, $permissions); } } ksort($permissions); @@ -120,10 +120,11 @@ class PermissionUtil * Place a permission into the given permission tree. * * @param string $permission the permission to place in the tree + * @param bool $locationAware whether this permissions can be restricted to specific locations only * @param string $description the description of the permission * @param array $tree the permission tree to modify */ - private static function putInPermissionTree($permission, $description, &$tree) + private static function putInPermissionTree($permission, $locationAware, $description, &$tree) { $subPermissions = explode('.', $permission); foreach ($subPermissions as $subPermission) { @@ -134,6 +135,6 @@ class PermissionUtil $tree =& $tree[$subPermission]; } } - $tree = $description; + $tree = array('description' => $description, 'location-aware' => $locationAware, 'isLeaf' => true); } } \ No newline at end of file diff --git a/modules-available/permissionmanager/page.inc.php b/modules-available/permissionmanager/page.inc.php index 13d81c6a..bb8482af 100644 --- a/modules-available/permissionmanager/page.inc.php +++ b/modules-available/permissionmanager/page.inc.php @@ -100,18 +100,21 @@ class Page_PermissionManager extends Page $toplevel = $permString == ""; if ($toplevel && in_array("*", $selectedPermissions)) $selectAll = true; foreach ($permissions as $k => $v) { - $leaf = !is_array($v); + $leaf = isset($v['isLeaf']) && $v['isLeaf']; $nextPermString = $permString ? $permString.".".$k : $k; $id = $leaf ? $nextPermString : $nextPermString.".*"; $selected = $selectAll || in_array($id, $selectedPermissions); - $res .= Render::parse("treenode", - array("id" => $id, - "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, - "toplevel" => $toplevel, - "checkboxname" => "permissions", - "selected" => $selected, - "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), - "description" => $leaf ? $v : "")); + $data = array("id" => $id, + "name" => $toplevel ? Module::get($k)->getDisplayName() : $k, + "toplevel" => $toplevel, + "checkboxname" => "permissions", + "selected" => $selected, + "HTML" => $leaf ? "" : self::generatePermissionHTML($v, $selectedPermissions, $selected, $nextPermString), + ); + if ($leaf) { + $data += $v; + } + $res .= Render::parse("treenode", $data); } if ($toplevel) { $res = Render::parse("treepanel", diff --git a/modules-available/permissionmanager/style.css b/modules-available/permissionmanager/style.css index 49d631a8..9c39af64 100644 --- a/modules-available/permissionmanager/style.css +++ b/modules-available/permissionmanager/style.css @@ -55,28 +55,28 @@ background-color: rgba(0, 182, 41, 0.23); } -.tree-container { - -moz-column-gap: 20px; - -webkit-column-gap: 20px; - column-gap: 20px; -} - - .tree-container > ul { display: inline-block; width: 100%; padding: 0; } -@media (max-width: 767px) { - .tree-container { - -moz-column-count: 1; - -webkit-column-count: 1; - column-count: 1; - } +.tree-container > ul > li > div > label { + font-weight: bold; +} + +.tree-container { + -moz-column-gap: 20px; + -webkit-column-gap: 20px; + column-gap: 20px; + -moz-column-count: 1; + -webkit-column-count: 1; + column-count: 1; + padding-left: 20px; + padding-right: 20px; } -@media (min-width: 768px) and (max-width: 991px) { +@media (min-width: 768px) { .tree-container { -moz-column-count: 2; -webkit-column-count: 2; diff --git a/modules-available/permissionmanager/templates/roleeditor.html b/modules-available/permissionmanager/templates/roleeditor.html index 871fd0cc..eadce027 100644 --- a/modules-available/permissionmanager/templates/roleeditor.html +++ b/modules-available/permissionmanager/templates/roleeditor.html @@ -4,32 +4,24 @@ -
-
- + +
+
+ {{{permissionHTML}}}
-
-
-
-
-
- {{{permissionHTML}}} -
-
- {{{locationHTML}}} -
-
+
+ {{{locationHTML}}}
diff --git a/modules-available/permissionmanager/templates/treenode.html b/modules-available/permissionmanager/templates/treenode.html index ced973ca..43509237 100644 --- a/modules-available/permissionmanager/templates/treenode.html +++ b/modules-available/permissionmanager/templates/treenode.html @@ -1,11 +1,14 @@ {{#toplevel}}
    {{/toplevel}} -
  • -
    - - -
    -
      - {{{HTML}}} -
    -
    • -{{#toplevel}}
{{/toplevel}} +
  • +
    + + +
    +
      + {{{HTML}}} +
    +
    • +{{#toplevel}}{{/toplevel}} \ No newline at end of file diff --git a/modules-available/permissionmanager/templates/treepanel.html b/modules-available/permissionmanager/templates/treepanel.html index 6f358825..8b510407 100644 --- a/modules-available/permissionmanager/templates/treepanel.html +++ b/modules-available/permissionmanager/templates/treepanel.html @@ -6,7 +6,7 @@
    -
    +
    {{{HTML}}}
    diff --git a/modules-available/rebootcontrol/permissions/permissions.json b/modules-available/rebootcontrol/permissions/permissions.json index 5230c9bd..5de9b633 100644 --- a/modules-available/rebootcontrol/permissions/permissions.json +++ b/modules-available/rebootcontrol/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "shutdown", - "reboot", - "newkeypair" -] \ No newline at end of file +{ + "newkeypair": { + "location-aware": false + }, + "reboot": { + "location-aware": true + }, + "shutdown": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/serversetup-bwlp/permissions/permissions.json b/modules-available/serversetup-bwlp/permissions/permissions.json index 2166cf8e..6bae5422 100644 --- a/modules-available/serversetup-bwlp/permissions/permissions.json +++ b/modules-available/serversetup-bwlp/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "edit.address", - "edit.menu", - "download" -] \ No newline at end of file +{ + "download": { + "location-aware": false + }, + "edit.address": { + "location-aware": false + }, + "edit.menu": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/statistics/permissions/permissions.json b/modules-available/statistics/permissions/permissions.json index 97a49036..c9dca9f3 100644 --- a/modules-available/statistics/permissions/permissions.json +++ b/modules-available/statistics/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "view", - "note", - "delete" -] \ No newline at end of file +{ + "machine.delete": { + "location-aware": true + }, + "machine.note": { + "location-aware": true + }, + "machine.view": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/statistics_reporting/permissions/permissions.json b/modules-available/statistics_reporting/permissions/permissions.json index d967b75d..1244027e 100644 --- a/modules-available/statistics_reporting/permissions/permissions.json +++ b/modules-available/statistics_reporting/permissions/permissions.json @@ -1,10 +1,26 @@ -[ - "table.view.total", - "table.view.location", - "table.view.client", - "table.view.user", - "table.view.vm", - "table.export", - "reporting.download", - "reporting.change" -] \ No newline at end of file +{ + "reporting.change": { + "location-aware": false + }, + "reporting.download": { + "location-aware": false + }, + "table.export": { + "location-aware": false + }, + "table.view.client": { + "location-aware": true + }, + "table.view.location": { + "location-aware": true + }, + "table.view.total": { + "location-aware": false + }, + "table.view.user": { + "location-aware": false + }, + "table.view.vm": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/syslog/permissions/permissions.json b/modules-available/syslog/permissions/permissions.json index f04ea714..fcf530c5 100644 --- a/modules-available/syslog/permissions/permissions.json +++ b/modules-available/syslog/permissions/permissions.json @@ -1,3 +1,5 @@ -[ - "view" -] \ No newline at end of file +{ + "view": { + "location-aware": true + } +} \ No newline at end of file diff --git a/modules-available/systemstatus/permissions/permissions.json b/modules-available/systemstatus/permissions/permissions.json index 0333564b..8324f708 100644 --- a/modules-available/systemstatus/permissions/permissions.json +++ b/modules-available/systemstatus/permissions/permissions.json @@ -1,13 +1,35 @@ -[ - "show.overview.diskstat", - "show.overview.services", - "show.overview.adresses", - "show.overview.systeminfo", - "show.overview.dmsdusers", - "show.logs.bwlpserver", - "show.logs.netstat", - "show.logs.pslist", - "show.logs.ldapad", - "show.logs.lighttpd", - "serverreboot" -] \ No newline at end of file +{ + "serverreboot": { + "location-aware": false + }, + "show.logs.bwlpserver": { + "location-aware": false + }, + "show.logs.ldapad": { + "location-aware": false + }, + "show.logs.lighttpd": { + "location-aware": false + }, + "show.logs.netstat": { + "location-aware": false + }, + "show.logs.pslist": { + "location-aware": false + }, + "show.overview.adresses": { + "location-aware": false + }, + "show.overview.diskstat": { + "location-aware": false + }, + "show.overview.dmsdusers": { + "location-aware": false + }, + "show.overview.services": { + "location-aware": false + }, + "show.overview.systeminfo": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/vmstore/permissions/permissions.json b/modules-available/vmstore/permissions/permissions.json index f2c22c72..29ee6a51 100644 --- a/modules-available/vmstore/permissions/permissions.json +++ b/modules-available/vmstore/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "choose.internal", - "choose.nfs", - "choose.cifs" -] \ No newline at end of file +{ + "choose.cifs": { + "location-aware": false + }, + "choose.internal": { + "location-aware": false + }, + "choose.nfs": { + "location-aware": false + } +} \ No newline at end of file diff --git a/modules-available/webinterface/permissions/permissions.json b/modules-available/webinterface/permissions/permissions.json index 45b5395d..fa6f493f 100644 --- a/modules-available/webinterface/permissions/permissions.json +++ b/modules-available/webinterface/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "edit.https", - "edit.password", - "edit.design" -] \ No newline at end of file +{ + "edit.design": { + "location-aware": false + }, + "edit.https": { + "location-aware": false + }, + "edit.password": { + "location-aware": false + } +} \ No newline at end of file -- cgit v1.2.3-55-g7522